openfin-onchain
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly calls external public provider endpoints (e.g., GET /token/metadata, /token/portfolio, /token/price using providers like Alchemy, Moralis, Helius, SolScan, Uniblock) and requires the agent to read that token/NFT/metadata (including decimals, logos, raw provider payloads) which can materially affect amount scaling and send decisions, so it consumes untrusted third‑party content as part of its workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides on-chain transfer (write) capabilities: it exposes POST /onchain/send and an embedded caller wallet that can perform same-chain transfers of native tokens, ERC‑20, SOL, SPL, with triggers like "send X to Y", "transfer USDC to wallet 0x…", and "pay 50 USDC". It returns tx hashes/signatures and requires an API key. This is a purpose-built crypto payment/transfer tool (wallet + send endpoint), not a generic API caller or browser automation, so it grants direct financial execution authority.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata